The NSA and other state actors can use non-secure pages to inject code to exploi... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

dsl on Aug 7, 2014 | parent | context | favorite | on: HTTPS as a ranking signal

The NSA and other state actors can use non-secure pages to inject code to exploit the browser and compromise your visitors.

http://en.wikipedia.org/wiki/FOXACID#QUANTUM_attacks

icebraining on Aug 7, 2014 [–]

State actors are probably irrelevant in this discussion; few of them won't be able to get a certificate to any website they want, in my opinion.

dsl on Aug 7, 2014 | [–]

This is a known issue and being addressed as well.

http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11

http://dev.chromium.org/sts

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact